CyberSec.Space Logo
Back to CVE Browser

CVE-2004-1680

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.0870%
EPSS Percentile2.19th
PublishedSep 13, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow.

Affected Platforms (CPE)

πŸ”Œ
Pingtel

Xpressa

= 1.2.5
πŸ”Œ
Pingtel

Xpressa

= 1.2.7.4
πŸ”Œ
Pingtel

Xpressa

= 1.2.8
πŸ”Œ
Pingtel

Xpressa

= 2.0
πŸ”Œ
Pingtel

Xpressa

= 2.0.1
πŸ”Œ
Pingtel

Xpressa

= 2.1.11.24

References & Advisories

πŸ”— http://secunia.com/advisories/12523
πŸ”— http://www.atstake.com/research/advisories/2004/a091304-2.txt
πŸ”— http://www.securityfocus.com/bid/11161
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/17346
πŸ”— http://secunia.com/advisories/12523
πŸ”— http://www.atstake.com/research/advisories/2004/a091304-2.txt
πŸ”— http://www.securityfocus.com/bid/11161
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/17346

Related Vulnerabilities

CVE-2002-066710.0

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow r...

CVE-2002-06719.8

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verif...

CVE-2002-06707.5

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwo...

CVE-2002-06687.5

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the...